General

Target: Wondershare_Filmora_13.0.60.5095.zip
Size: 551.7MB
Sample: 240525-xaqnladg8y
MD5: 2855ccdb68cb90398e8f31ae95b0f57e
SHA1: d0a05dc0c05745805a8015cd7efb282b028febef
SHA256: 6f11b2269c38bb075439a4b480f0da8bb3a912e1160e6b4b6d3e0cb8810ec0b6
SHA512: 8f7a3ae699e23a0e3dbbd97be639f744ff16871b5752c06af3f507241abfc32d41250339b7be93360d83832545eaea7bc346ec6d43d64caefdb40575109c1a3a
SSDEEP: 12582912:aQk0UvRQMyB+/X/kFBbSMOTHmZJXF3iLQotVs1OknpvgstatpG6Oyfe:aNnQ5c/XcFZSM1JViLZtV9kF1aDG6Oz
Tasks

Static task:
- static1: Wondershare_Filmora_13.0.60.5095.zip

Behavioral tasks (task: sample, resource):
- behavioral1: Wondershare_Filmora_13.0.60.5095.zip, win7-20231129-en
- behavioral2: Wondershare_Filmora_13.0.60.5095.zip, win10v2004-20240426-en
- behavioral3: Wondershare_Filmora_13.0.60.5095/Crack/Continuum_OFX_8Bit.dll, win7-20240220-en
- behavioral4: Wondershare_Filmora_13.0.60.5095/Crack/Continuum_OFX_8Bit.dll, win10v2004-20240508-en
- behavioral5: Wondershare_Filmora_13.0.60.5095/Crack/Continuum_OFX_Float.dll, win7-20240220-en
- behavioral6: Wondershare_Filmora_13.0.60.5095/Crack/Continuum_OFX_Float.dll, win10v2004-20240426-en
- behavioral7: Wondershare_Filmora_13.0.60.5095/Crack/Patch.exe, win7-20240215-en
- behavioral8: Wondershare_Filmora_13.0.60.5095/Crack/Patch.exe, win10v2004-20240426-en
- behavioral9: Wondershare_Filmora_13.0.60.5095/Crack/Readme.txt, win7-20240508-en
- behavioral10: Wondershare_Filmora_13.0.60.5095/Crack/Readme.txt, win10v2004-20240426-en
- behavioral11: Wondershare_Filmora_13.0.60.5095/filmora_64bit_13.0.60_full846.exe, win7-20240419-en
- behavioral12: Wondershare_Filmora_13.0.60.5095/filmora_64bit_13.0.60_full846.exe, win10v2004-20240508-en
Malware Config
Targets

Target: Wondershare_Filmora_13.0.60.5095.zip
Size: 551.7MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those listed under General above)
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Modifies Installed Components in the registry
- Modifies Windows Firewall
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Wondershare_Filmora_13.0.60.5095/Crack/Continuum_OFX_8Bit.dll
Size: 24.2MB
MD5: ca3ce08c438a38bdcdf5cd3160f8164a
SHA1: da9c9ef072b7ff6a89e319ca675ad3f8154f33c4
SHA256: 012578e8552356637d8fea99953d02d45799d8dd5697da3e0d98b4c6e202fac9
SHA512: 7eee3e16133a26ae01c7a61bfdbf616ca6004f7fb2bf039451af5b3b48525bb2c70505d6fa28f3886b4ab33546c82c85f015b18e1871ba54e64687342fef4ed2
SSDEEP: 196608:Hvwz+Zmewfx/K/AVLpMVpzA68iGbENqHByAXzH:BIbJpWEHh
Score: 1/10

Target: Wondershare_Filmora_13.0.60.5095/Crack/Continuum_OFX_Float.dll
Size: 24.4MB
MD5: acab3b470d7bc82d6bcb1c5e62c2fd71
SHA1: 0002ec185f8151bef9f6f69d18fe59531d2fe900
SHA256: 885004022360144fa595b6c78a88bb9279b25bd8632b1d3da83785df276dfcd3
SHA512: 6ab4f1d9fac60820a31ef4465d2c7f9b82fc59d055abef550f3becfbbd76b0f5822d604503c38fa0844e5dd6ca4c68189ed619461a0eab3d8749a53305cf81a1
SSDEEP: 98304:jG2XvmrVlLKWmY96zFWP3LR9nTgPeWKcgRyGY3ppMGqU49pGm1gSYvLSyEF:yZrVl+Wv60P3LRVUXgbY3og49UD9LSbF
Score: 1/10

Target: Wondershare_Filmora_13.0.60.5095/Crack/Patch.exe
Size: 32.1MB
MD5: b26a4b5fb6fc09689ffcc83ad1635c17
SHA1: 7c047e6d2fb7a55f583d41ec6484b62300a2a683
SHA256: 52104d3d55eea30c34424fc7df94bea2df81d0ace2a579f814bcd743ae345841
SHA512: 5478673949ec1b4d9d1dcb4cffa48433613b27539c5b1bf5641e8a5371300215fb0a884ba614fab198173b17f18779ff49de69a4565e2a880fc1e39f1e4a63d3
SSDEEP: 786432:39OVLxap2s1SljuTMbJ1CPj7zWeVTSVXkCjEV7:taaB1SkHxVTStfM7
Score: 1/10

Target: Wondershare_Filmora_13.0.60.5095/Crack/Readme.txt
Size: 1015B
MD5: 4bdcb376a230628244bfe4bc529ff026
SHA1: ca8b965188a0eca405a295e403d35e3ef30c593c
SHA256: b231c756b4d7999d762de919f3d10c9fa97562f2ec058bcfa93cabed02d2073e
SHA512: fc2333ca5a88669dda79ce455c78050c0203d10a2134138d01df0ae86c7c6ea229b0b9249da7fbc7cfd4f05c3002ff46c526a75dc75d69a5588e46831596b3f3
Score: 1/10

Target: Wondershare_Filmora_13.0.60.5095/filmora_64bit_13.0.60_full846.exe
Size: 506.8MB
MD5: 1c2471a5d46b0aac3ddb2757a72a2b62
SHA1: fb4e1450e506712480ae72c696a381f49e3670e5
SHA256: 1467d00b1c386bf826613a42b09ce18664f59076ee78dcfcd010ef0e98bc73e2
SHA512: 956ac3186d7356c726f6c76ad42ca673acb40767561f3f868e7837feb853c4645615392ace6e8db6f00f8c49099faf08095bdf66ebe3ad8bef7bd2f3d62a92d0
SSDEEP: 12582912:33Ms0X3yYGTI/NNKlA3qBuS4QaT5d2CVd+vh4Z8ph3DS8dYXXmig60F:3crytM/Nsl8uuSs5sCVwvhrzzfYHmig/
Score: 4/10

MITRE ATT&CK Enterprise v15 (tactic, technique, sub-technique; count of matching signatures in parentheses)

Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (1)
  - Windows Service (1)
- Pre-OS Boot (1)
  - Bootkit (1)

Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (4)
- Pre-OS Boot (1)
  - Bootkit (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
- Virtualization/Sandbox Evasion (1)